Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2025:21080-1
Release Date:	2025-11-26T15:35:13Z
Rating:	important
References:	bsc#1218644 bsc#1238472 bsc#1239206 bsc#1241166 bsc#1241637 bsc#1247222 bsc#1248630 bsc#1249161 bsc#1249226 bsc#1249302 bsc#1249317 bsc#1249397 bsc#1249398 bsc#1249495 bsc#1249512 bsc#1249608 bsc#1249735 bsc#1250202 bsc#1250379 bsc#1250400 bsc#1250455 bsc#1250491 bsc#1250704 bsc#1250721 bsc#1250749 bsc#1250946 bsc#1251176 bsc#1251177 bsc#1251232 bsc#1251233 bsc#1251804 bsc#1251809 bsc#1251819 bsc#1251930 bsc#1251967 bsc#1252033 bsc#1252035 bsc#1252039 bsc#1252044 bsc#1252047 bsc#1252051 bsc#1252052 bsc#1252056 bsc#1252060 bsc#1252062 bsc#1252064 bsc#1252065 bsc#1252067 bsc#1252069 bsc#1252070 bsc#1252072 bsc#1252074 bsc#1252075 bsc#1252076 bsc#1252078 bsc#1252079 bsc#1252081 bsc#1252082 bsc#1252083 bsc#1252253 bsc#1252265 bsc#1252267 bsc#1252270 bsc#1252330 bsc#1252333 bsc#1252336 bsc#1252346 bsc#1252348 bsc#1252349 bsc#1252678 bsc#1252679 bsc#1252688 bsc#1252725 bsc#1252734 bsc#1252772 bsc#1252774 bsc#1252780 bsc#1252785 bsc#1252787 bsc#1252789 bsc#1252797 bsc#1252819 bsc#1252822 bsc#1252826 bsc#1252841 bsc#1252848 bsc#1252849 bsc#1252850 bsc#1252851 bsc#1252854 bsc#1252858 bsc#1252862 bsc#1252865 bsc#1252866 bsc#1252873 bsc#1252902 bsc#1252909 bsc#1252915 bsc#1252918 bsc#1252921 bsc#1252939 jsc#PED-348 jsc#PED-4593 jsc#PED-9891
Cross-References:	CVE-2025-21816 CVE-2025-38653 CVE-2025-38718 CVE-2025-39676 CVE-2025-39702 CVE-2025-39756 CVE-2025-39779 CVE-2025-39797 CVE-2025-39812 CVE-2025-39866 CVE-2025-39876 CVE-2025-39881 CVE-2025-39895 CVE-2025-39903 CVE-2025-39911 CVE-2025-39947 CVE-2025-39948 CVE-2025-39949 CVE-2025-39950 CVE-2025-39955 CVE-2025-39956 CVE-2025-39963 CVE-2025-39965 CVE-2025-39967 CVE-2025-39968 CVE-2025-39969 CVE-2025-39970 CVE-2025-39971 CVE-2025-39972 CVE-2025-39973 CVE-2025-39978 CVE-2025-39979 CVE-2025-39981 CVE-2025-39982 CVE-2025-39984 CVE-2025-39985 CVE-2025-39986 CVE-2025-39987 CVE-2025-39988 CVE-2025-39991 CVE-2025-39992 CVE-2025-39993 CVE-2025-39994 CVE-2025-39995 CVE-2025-39996 CVE-2025-39997 CVE-2025-40000 CVE-2025-40005 CVE-2025-40009 CVE-2025-40011 CVE-2025-40012 CVE-2025-40013 CVE-2025-40016 CVE-2025-40018 CVE-2025-40019 CVE-2025-40020 CVE-2025-40029 CVE-2025-40032 CVE-2025-40035 CVE-2025-40036 CVE-2025-40037 CVE-2025-40040 CVE-2025-40043 CVE-2025-40044 CVE-2025-40048 CVE-2025-40049 CVE-2025-40051 CVE-2025-40052 CVE-2025-40056 CVE-2025-40058 CVE-2025-40060 CVE-2025-40061 CVE-2025-40062 CVE-2025-40071 CVE-2025-40078 CVE-2025-40080 CVE-2025-40085 CVE-2025-40087 CVE-2025-40091 CVE-2025-40096 CVE-2025-40100 CVE-2025-40104 CVE-2025-40364
CVSS scores:	CVE-2025-21816 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-21816 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38653 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-38653 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2025-38718 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39676 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39702 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39756 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39779 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39779 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39797 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-39797 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-39797 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-39812 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2025-39812 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2025-39866 ( SUSE ): 7.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-39866 ( SUSE ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-39876 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39881 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39895 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-39895 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39903 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-39903 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2025-39911 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39947 ( SUSE ): 5.6 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-39947 ( SUSE ): 4.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2025-39948 ( SUSE ): 5.3 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-39948 ( SUSE ): 4.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-39949 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-39949 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-39950 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-39950 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-39955 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-39955 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-39956 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-39956 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-39963 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-39963 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-39965 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-39965 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2025-39967 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-39967 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-39968 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-39968 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-39969 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N CVE-2025-39969 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2025-39970 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-39970 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2025-39971 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-39971 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2025-39972 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-39972 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2025-39973 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-39973 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-39978 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-39978 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-39979 ( SUSE ): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-39979 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-39981 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-39981 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-39982 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39984 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39985 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39986 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39987 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39988 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39991 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39992 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39993 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39994 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39995 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39996 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-39997 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40000 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40005 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40005 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2025-40009 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40009 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40011 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40011 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40012 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40012 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40013 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40013 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40016 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-40016 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2025-40018 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40018 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-40019 ( SUSE ): 7.3 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40019 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2025-40020 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40020 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-40029 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40029 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40032 ( SUSE ): 6.7 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40032 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2025-40035 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40036 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40037 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40037 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40040 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40040 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40043 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40043 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-40044 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40044 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-40048 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40049 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40049 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H CVE-2025-40051 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40052 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40056 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40056 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-40058 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40060 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40061 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40062 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40071 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40078 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40080 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40085 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40085 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2025-40087 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40091 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40091 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2025-40096 ( SUSE ): 5.8 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N CVE-2025-40096 ( SUSE ): 5.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H CVE-2025-40100 ( SUSE ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVE-2025-40100 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-40104 ( SUSE ): 0.0 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N CVE-2025-40104 ( SUSE ): 0.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N CVE-2025-40364 ( SUSE ): 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVE-2025-40364 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2025-40364 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Micro 6.2

An update that solves 83 vulnerabilities, contains three features and has 18 fixes can now be installed.

Description:

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues

The following security issues were fixed:

CVE-2025-21816: hrtimers: Force migrate away hrtimers queued after (bsc#1238472).
CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630).
CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161).
CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302).
CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317).
CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512).
CVE-2025-39779: btrfs: subpage: keep TOWRITE tag until folio is cleaned (bsc#1249495).
CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202).
CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455).
CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400).
CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379).
CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721).
CVE-2025-39903: of_numa: fix uninitialized memory nodes causing kernel panic (bsc#1250749).
CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704).
CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232).
CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233).
CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177).
CVE-2025-39950: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR (bsc#1251176).
CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804).
CVE-2025-39956: igc: don't fail igc_probe() on LED setup error (bsc#1251809).
CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251819).
CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047).
CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044).
CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051).
CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052).
CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039).
CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035).
CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069).
CVE-2025-39979: net/mlx5: fs, add API for sharing HWS action by refcount (bsc#1252067).
CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081).
CVE-2025-39992: mm: swap: check for stable address space before operating on the VMA (bsc#1252076).
CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062).
CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349).
CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330).
CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688).
CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780).
CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858).
CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826).
CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848).
CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789).
CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774).
CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918).

The following non security issues were fixed:

add bug reference to existing hv_netvsc change (bsc#1252265)
amd-pstate-ut: Reset amd-pstate driver mode after running selftests (bsc#1249226).
cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166).
cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166).
cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166).
doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT The character was previously 'N', but upstream used it for TAINT_TEST, which prompted the change of TAINT_NO_SUPPORT to 'n'.
dpll: zl3073x: Add firmware loading functionality (bsc#1252253).
dpll: zl3073x: Add functions to access hardware registers (bsc#1252253).
dpll: zl3073x: Add low-level flash functions (bsc#1252253).
dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253).
dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253).
dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253).
dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253).
dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253).
dpll: zl3073x: Implement devlink flash callback (bsc#1252253).
dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253).
dpll: zl3073x: Refactor DPLL initialization (bsc#1252253).
drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes).
drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes).
ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222).
ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222).
ixgbevf: fix getting link speed data for E610 devices (bsc#1247222).
ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222).
kbuild/modfinal: Link livepatches with module-common.o (bsc#1218644, bsc#1252270).
kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939).
kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930).
nvme-auth: update sc_c in host response (git-fixes bsc#1249397).
perf hwmon_pmu: Fix uninitialized variable warning (perf-sle16-v6.13-userspace-update, git-fixes).
phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes).
powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes).
proc: fix missing pde_set_flags() for net proc files (bsc#1248630)
proc: fix type confusion in pde_set_flags() (bsc#1248630)
rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946)
scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267).
x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1252725).
x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734).
x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734).
x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (jsc#PED-348).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE Linux Micro 6.2
zypper in -t patch SUSE-SL-Micro-6.2-58=1

Package List:

SUSE Linux Micro 6.2 (noarch)
- kernel-source-6.12.0-160000.7.1
- kernel-macros-6.12.0-160000.7.1
- kernel-devel-6.12.0-160000.7.1
SUSE Linux Micro 6.2 (aarch64 ppc64le x86_64)
- kernel-default-base-6.12.0-160000.6.1.160000.2.4
SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64 nosrc)
- kernel-default-6.12.0-160000.7.1
SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
- kernel-default-debugsource-6.12.0-160000.7.1
- kernel-default-devel-6.12.0-160000.7.1
- kernel-default-extra-debuginfo-6.12.0-160000.7.1
- kernel-default-debuginfo-6.12.0-160000.7.1
- kernel-default-extra-6.12.0-160000.7.1
SUSE Linux Micro 6.2 (x86_64)
- kernel-default-devel-debuginfo-6.12.0-160000.7.1
- kernel-rt-livepatch-6.12.0-160000.7.1
- kernel-rt-devel-debuginfo-6.12.0-160000.7.1
SUSE Linux Micro 6.2 (ppc64le s390x x86_64)
- kernel-default-livepatch-6.12.0-160000.7.1
SUSE Linux Micro 6.2 (aarch64 nosrc x86_64)
- kernel-rt-6.12.0-160000.7.1
SUSE Linux Micro 6.2 (aarch64 x86_64)
- kernel-rt-debugsource-6.12.0-160000.7.1
- kernel-rt-devel-6.12.0-160000.7.1
- kernel-rt-debuginfo-6.12.0-160000.7.1
SUSE Linux Micro 6.2 (aarch64 nosrc)
- kernel-64kb-6.12.0-160000.7.1
SUSE Linux Micro 6.2 (aarch64)
- kernel-64kb-debuginfo-6.12.0-160000.7.1
- kernel-64kb-devel-6.12.0-160000.7.1
- kernel-64kb-debugsource-6.12.0-160000.7.1

Security update for the Linux Kernel

Description:

Special Instructions and Notes:

Patch Instructions:

Package List:

References: